Multimedia output device having embedded encryption functionality

ABSTRACT

A multimedia output device having embedded encryption functionality enables the outputting of content in an encrypted form. The multimedia output device receives the content to be encrypted, encrypts the content, and generates an electronic output of the encrypted content. The multimedia output device also generates an associated paper output that provides information about the decryption, such as a key, an identification of the electronic output of the encrypted content, and optionally a description of the contents of the content encrypted.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of U.S. patent applicationSer. No. 10/814,841 titled “Multimedia Output Device Having EmbeddedEncryption Functionality” filed on Mar. 30, 2004 now U.S. Pat. No.7,275,159 which is a continuation-in-part and claims priority from theU.S. patent application Ser. No. 10/639,282, titled “Physical Key ForAccessing a Securely Stored Digital Document”, filed Aug. 11, 2003, thecontents of which are both incorporated by reference herein in theirentirety.

U.S. patent application Ser. No. 10/814,841 further claims priorityunder 35 U.S.C. § 119(e) to U.S. Provisional Application Ser. No.60/506,303, filed Sep. 25, 2003, titled “Printer Including One or MoreSpecialized Hardware Devices” and U.S. Provisional Application Ser. No.60/506,302, filed Sep. 25, 2003, titled “Printer Including Interface andSpecialized Information Processing Capabilities,” the contents of whichare both incorporated by reference herein in their entirety.

BACKGROUND

1. Field of the Invention

This invention relates generally to multimedia output devices that haveembedded encryption functionality, and in particular to methods andsystems that encrypt content and provide electronic output andassociated paper output that provides information about the decryption.

2. Background of the Invention

Frequently, users need to maintain security of electronic data. Dataencryption is one of the most effective ways to achieve data security.To read an encrypted file, one needs to have access to a key or passwordthat enables a user to decrypt the file. A one-time pad algorithm is awell-known encryption algorithm used by some very secure encryptionsystems. According to this technique, the decryption key is of the samelength as the data that needs to be encrypted. As a result, thistechnique presents difficulties for users because they cannot rememberlong strings of random characters.

Alternative solutions to using the one-time pad algorithm are known. Onesolution requires users to provide their own passwords that are used toencrypt data. However, user-provided passwords are often vulnerable topassword cracking techniques.

Another solution requires users to register with some authority, such asa public-key authority, to set up a public-private key pair used toencrypt and decrypt the data. However, most people do not have time toset up such keys.

To overcome the limitations of existing encryption techniques, it hasbeen known to embed encryption functionality in computing devices. Thesecomputing devices are adapted to generate keys used to encrypt ordecrypt data. To produce a paper output of the generated key, thesedevices need to send instructions to a printer or other output device.In addition, if a user desires to create multiple copies of theencrypted data, the computing device needs to be equipped with aplurality of removable media devices. Thus, if a user desires to havemultiple copies of the encrypted data in the electronic format as wellas a paper output of the generated key, a user needs to have at least acomputing device having encryption functionality, a printer, and adevice capable of writing encrypted data to multiple removable mediadevices.

Furthermore, existing computing devices that embed encryptionfunctionality do not generate separate keys for each encrypted data.This is undesirable because it reduces the security of the systembecause multiple encrypted data would share the same key.

Accordingly, what is needed is a device that embeds the encryptionfunctionality of the conventional computing device without thelimitations of conventional techniques for outputting decryptioninformation.

SUMMARY OF THE INVENTION

A multimedia output device having embedded encryption functionalityenables the outputting of content in an encrypted form. The multimediaoutput device receives the content, encrypts the content, and providesan electronic output of the encrypted content. In certain embodiments,the multimedia output device also generates an associated paper outputthat provides information about the encryption, such as a decryptionkey, an identification of the electronic output of the encryptedcontent, and optionally a description of the content. The separation ofthe decryption key from the encrypted content provides security for theencrypted content since the key is stored separately from the encryptedcontent. If the encrypted content fell into unauthorized hands, anunintended recipient would not have the key to decrypt the content.

In one embodiment, a multimedia output device includes an interface forreceiving content, such as audio or video content, and a contentprocessing system coupled to the interface to receive the content. Thecontent processing system, in turn, includes an encryption module thatperforms the encryption functionality. In one embodiment, the encryptionmodule generates a key and encrypts the content using the generated key.In another embodiment, the encryption module encrypts the receivedcontent using a key provided by the user. The encryption module executesa key and metadata generation module, which is adapted to receiveunencrypted content and to generate various levels of description of thecontent in response to a user's selection of a security level. Such adescription includes keywords, key frames from a video, or just a title.Thus, a low security level would result in a description containingmeaningful keywords or key frames while a high security level wouldresult in a printed description that revealed less about the content. Inone embodiment, the key and metadata module is further adapted togenerate decryption information, which includes a generated key, anidentifier of the electronic output of the encrypted content, anddescription of the encrypted content.

The multimedia output device also includes an electronic output systemadapted to receive the encrypted content and produce a correspondingelectronic output. The multimedia output device also includes a printingoutput system in communication with the processing system. The printingoutput system receives decryption information from the key and metadatamodule and generates an associated paper output that providesinformation about the decryption.

The multimedia output device also includes a user interface thatprovides to a user a selection of the options in connection with dataencryption. Such options include the type of encryption desired, theoutput format of the encrypted content, and the output format of thedecryption information. Various encryption techniques include symmetricencryption, a public key encryption, and symmetric encryption with thekey encrypted with a recipient's public key. The choices of the outputformat for the encrypted data and for decryption information include anelectronic format and a paper format. Additionally, the user interfaceallows a user to choose the level of security at which decryptioninformation will be provided.

Additional embodiments of the invention provide for encryption of audioand video data. To this end, the key and metadata module is adapted toperform various levels of processing of audio and video data, such asproducing a transcript and extracting keywords from audio data,extracting key frames from video data and printing them on paper alongwith bar codes. A user is allowed to choose the level of security withwhich the decryption information should be printed. The encryptionmodule, in turn, is adapted to encrypt audio and video data usingvarious encryption algorithms for encrypting audio and video data.

Additional embodiments of the multimedia output device provide forreceiving content, encrypt the content using a user's private key, andoutputting the encrypted content that can be decrypted using a user'spublic key. This embodiment is beneficial because it provides theability for a recipient to authenticate the content. The content can beboth encrypted and signed, to provide security and authentication.

Additional embodiments of the invention provide for decryption ofencrypted content. Multimedia output device is adapted to receiveencrypted content and a key used to decrypt the content. Multimediaoutput device decrypts the content using well-known techniques andgenerates an electronic output of the decrypted content. In addition,the multimedia output device is adapted to process the decrypted contentand to produce a summary, which is outputted on any medium selected by auser.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1A is a schematic diagram of a system in accordance with anembodiment of the invention.

FIG. 1B is a schematic diagram of an embodiment of the system shown inFIG. 1A that performs decryption of encrypted content.

FIG. 2A is a user interface for selecting an electronic format andsecurity level of a paper output in accordance with an embodiment of theinvention.

FIG. 2B is an example of a paper output of decryption information inaccordance with an embodiment of the invention.

FIG. 2C is an example of a paper output of decryption information inaccordance with another embodiment of the invention.

FIG. 2D is an embodiment of system 100 in which decryption informationis provided in a paper format.

FIG. 2E is an embodiment of system 100 in which decryption informationis provided in an electronic format.

FIG. 3 is a schematic diagram of various processing systems of themultimedia output device in accordance with embodiments of the presentinvention.

FIG. 4A is a flow diagram of the process performed by the multimediaoutput device in accordance with one embodiment of the presentinvention.

FIG. 4B is a flow diagram of the process performed by the multimediaoutput device in accordance with another embodiment of the presentinvention.

FIG. 5 is a block diagram of functional modules of encryption module inaccordance with one embodiment of the present invention.

FIG. 6 is a flow chart of the embodiment in which symmetric keyencryption is used.

FIG. 7A is a flow chart of the embodiment in which public key encryptionis used.

FIG. 7B is a flow chart of the embodiment in which content is encryptedusing a user's private key.

FIG. 8 is a flow chart of the embodiment in which symmetric key isencrypted with a public key.

FIG. 9 is a flow diagram of the embodiment in which multiple keys aregenerated.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Various embodiments of a multimedia output device 120 having embeddedencryption functionality enable the outputting of content in anencrypted form. Certain embodiments also output an associated paperoutput that provides information about decryption, such as a decryptionkey, an identification of the electronic output of the encryptedcontent, and description of the content encrypted. Depending on thedesired application for the multimedia output device 120, the multimediaoutput device 120 includes any number of devices for receiving thecontent, outputting the paper output, and producing the electronicoutput.

Overall System Architecture

FIG. 1A is a high-level diagram of one embodiment of a system 100 inaccordance with the present invention. System 100 includes a multimediaoutput device 120 capable of receiving content 150 to be encrypted andproviding an electronic output 170 of the encrypted content and anassociated output 160 that provides information about decryption. Insome embodiments, output 160 is printed on paper. In other embodiments,output 160 is written to a digital medium. In still other embodiments,output 160 is displayed on a display screen. In an alternativeembodiment, device 120 is adapted to output encrypted content andinformation about decryption serially onto a single output medium. Forexample, device 120 outputs encrypted content onto a digital medium andthen outputs decryption information onto the same medium.

Content includes one or a combination of audio (including music, radiobroadcasts, recordings, advertisements, etc.), video (including movies,video clips, television broadcasts, advertisements, etc.), software(including video games, multimedia programs, graphics software, etc.),pictures (including jpeg, jpeg2000, gif, tif, etc.) and documents(including Postscript, PCL, pdf, Word, etc.). This listing, however, isnot exhaustive. Content may be encoded in any format or encodingtechnology, including Moving Pictures Experts Group (MPEG-2) format forvideo and MPEG-3 (mp3) for audio.

Multimedia output device 120 receives unencrypted content 150, encryptsthe received content, and produces an electronic output of the encryptedcontent in any desired format. Multimedia output device 120 also outputsoutput 160 providing information about decryption of the content.

Multimedia output device 120 receives unencrypted content 150 fromvarious sources, as will be discussed in greater detail in reference toFIG. 3. The multimedia output device 120 uses a variety of encryptionalgorithms to encrypt content 150, such as triple Data EncryptionStandard (DES) algorithm, symmetric key encryption, one time path,public key encryption, encryption using symmetric key with furtherencryption of the symmetric key with a user's public key, and encryptionusing symmetric key with further encryption of the symmetric key usingthe recipient's public key.

The multimedia output device 120 writes the electronic output 170 of theencrypted content to a media device, such as a writeable DVD or CD, avideo cassette tape, an audio cassette tape, a flash card, a computerdisk, an SD disk, a memory stick, or any other appropriateelectronically-readable medium. The encrypted data can be transmittedover a network, written to a memory device via USB or IEEE 1394. Theencrypted content can also be printed to paper.

The multimedia output device 120 also outputs an associated output 160that provides information about the decryption, such as the key“F54jk890XC” 270, an identification of the electronic output of theencrypted content, such as “DVD number 45378” 260 (as shown in FIG. 2B).The decryption information optionally includes a description of thecontent. This information will be used by the intended recipient of theencrypted content to decrypt the data. As used herein, the word “key”means a password, data, or a table used to decrypt encrypted data. Inalternative embodiments, the decryption information is provided in anelectronic format separately from the encrypted content.

The separation of the key from the encrypted content provides securityfor the encrypted content since the paper or any other medium containingthe key is stored separately from the encrypted content. If theencrypted content fell into unauthorized hands, the unintended recipientwould not have the key to decrypt the data. Accordingly, the loss of theoutput 160 that includes the decryption information does not affect thesecurity of the electronic output 170 as long as both the output 160 andelectronic output 170 do not fall into the unauthorized hands.

It should be noted that a user is allowed to provide a selection of theoptions in connection with data encryption. Such options include thetype of encryption desired, the output format of the encrypted data, andthe output format for the encryption data, as will be described in moredetail below in reference to FIG. 2A.

The multimedia output device 120 preferably includes any necessarysubsystem, as known by one skilled in the art, to print on a printablemedium, such as a sheet of paper. Although outputting on paper isdiscussed above, it should be understood that a multimedia output devicein accordance with various embodiments of the present invention couldproduce an image, words, bar codes, or other markings onto a variety ofmedia, such as transparency sheets for overhead projectors, film,slides, canvas, glass, stickers, or any other medium that accepts suchmarkings.

Depending on the intended application, multimedia output device 120takes many different forms other than the typical office or home-usemultimedia output device with which most people are familiar. Therefore,it should be understood that the definition of the multimedia outputdevice 120 includes any device that is capable of producing an image,words, or any other markings on a surface.

FIG. 1B is a high-level diagram of the system shown in FIG. 1A, in whichmultimedia output device 120 is adapted to receive encrypted content 171and a key (not shown) used to decrypt the content 171 and to producedecrypted electronic output 172 and/or decrypted paper output 174. Itshould be noted that encrypted content 171 could be encrypted output 170generated by device 120. Alternatively, encrypted content 171 is anyencrypted content provided by a user. A key can be provided to device120 via a keyboard, scanning a bar code, or using any known opticalcontent recognition (OCR) technique with a key printed on paper orprovided electronically by a driver software.

It should be noted that multimedia output device 120 is adapted todecrypt encrypted content 171 using any well-known decryption technique.The multimedia output device 120 is adapted to perform furtherprocessing of the decrypted content to produce a summary of the content.Such a summary could be outputted onto any medium specified by a user.

User Interface

FIG. 2A illustrates an exemplary user interface (UI) 200 for selectingvarious options in connection with encryption functionality embeddedinto multimedia output device 120. For example, a user is allowed tochoose the type of encryption desired, the output format of theencrypted data, the output format for the decryption information, and adesired security level at which information about the decryption shouldbe outputted.

The UI 200 is preferably displayed on a screen on which information isconveyed to the user. UI 200 preferably also includes a mechanism forallowing a user to input responses and make selections. In oneembodiment, the UI 200 includes a touch screen 206, which allows theuser to make selections and inputs by touching an appropriate part ofthe screen. In one embodiment, a keypad is also provided for entry ofalphanumeric data. In an alternative embodiment, a joystick, trackballor other input device is used to provide input and make selections. Itshould be noted that in alternative embodiments, the user's input isprovided via a multimedia output device driver dialog box on any clientdevice or via a web page that sends data to multimedia output device 120via secure HTTP or some other network protocol. As used herein, the“client device” is any wired or wireless device, including, but notlimited to PDAs, cell phones, and stand alone computer systems.

As shown in FIG. 2A, UI 200 presents a user with a choice of the type ofencryption desired. Such choices include symmetric encryption 212,public key encryption 214, and encryption using symmetric key withfurther encryption of the symmetric key using a recipient's public key216. It should be noted that a recipient could be a user or any otherintended recipient. These methods will be described in greater detailbelow. Screen 206 of UI 200 includes an instruction to the user to“select type of encryption.” If a user selects the public key encryptionmethod or symmetric encryption method with symmetric key encrypted witha recipient's public key, the user is provided with an option ofentering his public key or the intended recipient's public key.Optionally, a user is allowed to choose the length of the key that willbe used to decrypt the encrypted content. In addition, a user is allowedto edit the content before it is encrypted.

The UI 200 also allows a user to choose an output format for theencrypted content. Such choices include, for example, providing theencrypted content in an electronic format or in a paper format. Asdiscussed above, the choices of the electronic formats presented to auser include, but are not limited to, removable storage devices, such asa writeable DVD or CD, a video cassette tape, an audio cassette tape, acomputer disk, a SD disk, a USB drive, or any other appropriateelectronically-readable medium. In the illustrated embodiment, the userselects from DVD 220, CD 222, SD 224, USB 226, File 228, and email 230.These options are shown by way of an example only. Those skilled in theart will appreciate that the present invention may be applied to anyother output format that exists or may exist in the future.

The UI 200 optionally allows a user to select an output format for thedecryption information (not shown). Such choices include providing thedecryption information in an electronic format or in a paper format. Thechoices of the electronic formats presented to a user include, but arenot limited to, removable storage devices, such as a writeable DVD orCD, a video cassette tape, an audio cassette tape, a computer disk, anSD disk, a USB drive, or any other appropriate electronically-readablemedium.

In addition, the UI 200 allows the user to select a desired securitylevel at which information about the decryption should be outputted. Theembodiment of FIG. 2A shows ten security settings for selecting a papersecurity level. Ten security settings (1-10) are referenced by legendnumbers 232-250 respectively. UI 200 includes several selections for theuser to choose from. In the illustrated embodiment, a user is allowed toselect a desired security level by checking an appropriate box. Itshould be noted that a user's choice of the level of security is basedon the user's desire to trade off security and utility of the paperoutput. In one implementation, when the user selects the most secure(level 10), the generated output 160 identifies only the electronicoutput 170 of the encrypted data and the key that decrypts the content.When the user selects a less secure paper representation of decryptioninformation, such as level 9, the output 160 includes, for example, ashort description of the encrypted content, such as the date and titleof the content.

FIG. 2B, illustrates an example paper output 160 a of decryptioninformation in accordance with one embodiment. In the illustratedembodiment, the paper output 160 a is shown in response to a userselection of the security level 10 and “DVD” as an electronic format forthe encrypted content. The paper output 160 a provides minimum requiredinformation to decrypt the encrypted content 150. Output 160 a, forexample, provides an identifier 260 of the electronic output of theencrypted content, such as “DVD number 45378” and the key 270 thatdecrypts the content, such as “F54jk890XC.”

FIG. 2C, illustrates an example paper output 160 b of decryptioninformation in response to a user selection of the security level 9 and“DVD” as an electronic format for the encrypted content. In theillustrated embodiment, the paper output 160 b provides a less securepaper representation of encrypted information than the one shown in FIG.2B. Such a printout additionally includes information, such as the date280 and title 290 of the content. Although this description is lesssecure, it has more utility because it describes the encrypted contentwith greater particularity.

FIG. 2D is an embodiment of system 100 in which decryption informationis provided in the form of a paper output. FIG. 2D shows two paperoutputs 160 a and 160 b of FIGS. 2B and 2C. Output 160 a providesdecryption information in response to a user choosing the most securelevel of security (level 10) of outputting decryption information.Output 160 b provides decryption information in response to a userchoosing a less secure level (level 9). As shown in FIG. 2D, encryptedcontent is provided in the electronic format, such as a writeable DVD170.

FIG. 2E shows an alternative embodiment of system 100. In thisembodiment, decryption information is stored in the electronic format,such as on a writeable DVD 160. When a one-time pad algorithm is used toencrypt content, the key used to decrypt the content has a long stringof characters. Accordingly, outputting decryption information in theelectronic format beneficially allows a user to store the long string ofcharacters of the decryption key. In alternative embodiments, decryptioninformation could be outputted on any type of non-volatile storagemedium. The decryption information can also be emailed to a user orcould be displayed on a UI 200.

Architecture of Multimedia Output Device

FIG. 3 is a block diagram of one embodiment of multimedia output device120. Multimedia output device 120 includes a source interface 305, auser interface 200, a printing output system 315, an electronic outputsystem 320, and a content processing system 325. Capable of receivingcontent 150, the source interface 305 takes a variety of forms andincludes one or more devices that receive content or create content byobserving a content event. Similarly, the printing output system 315 andthe electronic output system 120 take a variety of forms and eachincludes one or more devices that produce, respectively, an output 160(printed or electronic) and an electronic output 170. Various componentsof multimedia output device 120 are further described in co-pending U.S.patent application Ser. No. 10/814,931 entitled, “Printer HavingEmbedded Functionality for Printing Time-Based Media,” to Hart et. al.,filed Mar. 30, 2004, which application is incorporated by reference inits entirety.

The user interface 200 has been described above in reference to FIG. 2A.The user interface 200 includes a display system, software forcommunicating with an attached display, or any number of embodimentsdescribed in co-pending U.S. patent application Ser. No. 10/814,700entitled, “Printer User Interface,” to Hart et. al., filed Mar. 30,2004, which application is incorporated by reference in its entirety.The content processing system 325 is coupled to the source interface 305and the user interface 200. The content processing system 325 is alsocoupled to the printing output system 315 and to the electronic outputsystem 320 for providing the appropriate commands and data to thosesystems.

The content processing system 325 includes a processor 335 and a memory330. Content processing system 325 also includes an encryption module340. The encryption module 340 is adapted to receive content fromvarious sources and to encrypt the received content. The encryptionmodule 340 includes software, hardware, or a combination thereof forimplementing an encryption functionality of multimedia output device120.

The electronic output system 320 receives the encrypted content andgenerates an electronic output of the encrypted content, as describedabove in reference to FIG. 1A. In one embodiment, multimedia outputdevice 120 writes the electronic output to a media device with a mediawriter (not shown). The media devices includes, for example, a removablestorage devices such as a writeable DVD or CD, a video cassette tape, anaudio cassette tape, a flash card, a computer disk, an SD disk, a memorystick, or any other appropriate electronically-readable medium. Themedia writer is further adapted to attach a unique identification of theencrypted content to a removable storage device that stores theencrypted content. Such identification, for example, includes acombination of alphanumeric characters.

The printing output system 315 produces an associated printed output ofthe decryption information. Such printed information includes, forexample, a decryption key, an identification of the electronic output ofthe encrypted content, and optionally a description of the contentsencrypted. The printing output system 315 comprises any standardprinting hardware, including the one that is found in standard lasermultimedia output devices, inkjet multimedia output devices, thermal waxtransfer printers, dot matrix printers, and other printers as are knownin the art.

Multimedia output device 120 includes an embedded Audio/Video (A/V)content recognition module 370 that performs one or more of video eventdetection, video foreground/background segmentation, face detection,face image matching, face recognition, face cataloging, video textlocalization, video optical character recognition (OCR), languagetranslation, frame classification, clip classification, image stitching,audio reformatting, speech recognition, audio event detection, audiowaveform matching, caption alignment, audio-caption alignment, and anyother type of content recognition algorithms.

Multimedia output device 120 also includes a control module (not shown)that allows a user to edit the input content before it is encrypted. Itshould be noted that the control module is adapted to reside on thedevice associated with a user or on some other external device.

Various embodiments of multimedia output device 120 having audio/videocontent recognition are described in a co-pending U.S. patentapplication Ser. No. 10/814,950 entitled, “Printing System With EmbeddedAudio/Video Content Recognition and Processing,” to Hull et. al., filedMar. 30, 2004, which application is incorporated by reference in itsentirety.

Content Source Interface

FIG. 3 further illustrates some examples of external sources from whichmultimedia output device 120 receives content 150. Depending on thedesired input, the interface 305 allows the multimedia output device 120to communicate with a wide variety of different electronic devices thatcan provide the multimedia output device 120 with content to print.Without intending to limit the types of devices, the interface 305allows the multimedia output device 120 to receive content from externalsources such as computer systems, computer networks, digital cameras,video cameras, media renderers (such as DVD and CD players), mediareceivers (such as televisions, satellite receivers, set-top boxes,radios, and the like), external storage devices, video game systems, orany combination thereof. The connection type for the interface 305 takesa variety of forms based on the type of device that is intended to beconnected to the multimedia output device 120 and the available standardconnections for that type of device. For example, the interface 305comprises a port for connecting the device using a connection type suchas USB, serial, FireWire, SCSI, IDE, RJ11, optical, composite video,component video, or S-video, or any other suitable connection type. Theinterface 305 can be a wireless interface that allows the multimediaoutput device 120 to receive content from a wireless device external tothe multimedia output device 120. The interface 305 can allow themultimedia output device 120 to communicate with any number of wirelesscommunication systems, such as wireless components on a home or businessnetwork, cellular phones and other portable wireless devices,satellites, satellite dishes, and devices using radio transmissions.Depending on the types of external devices with which the multimediaoutput device 120 is desired to communicate, the interface 305 compriseshardware and/or software that implements a wireless communicationsprotocol, such as that described in IEEE 802.11 or the Bluetoothstandard.

In another embodiment, the multimedia output device 120 receives contentfrom a removable media storage reader 360 that is built into themultimedia output device 120. The removable media storage reader 360 isconfigured to accommodate any type of removable media storage device,such as DVDs, CDs, video cassette tapes, audio cassette tapes, floppydisks, ZIP disks, flash cards, micro-drives, memory sticks, SD disks,scanners, pdf machines, or any other suitable type of media storagedevices. Moreover, the multimedia output device 120 is configured toinclude a plurality of removable media storage readers 360 toaccommodate multiple types of media storage devices.

In another embodiment, the multimedia output device 120 includes anembedded video recorder (not shown in FIG. 3). In this embodiment, theexternal source of content is a series of images captured by theembedded video recorder. The video recorder, such as a camera, CCD, orother suitable mechanism for capturing a sequence of images, converts ascene into a suitable electrical format, such as that described in theMPEG, H.263, or H.264 standards.

In another embodiment, the multimedia output device 120 includes anembedded audio recorder (not shown in FIG. 3). In this embodiment, theexternal source of content is a series of sounds that are converted intoa digital format by the embedded audio recorder. The audio recorderconverts the recorded sound signal into a suitable electrical format,such as MPEG-2.

In another embodiment, the multimedia output device includes videocapture hardware (not shown). In one embodiment, the video capturehardware is designed to be coupled to a computing system by a videocable thereof. The video cable from a display is attached to themultimedia output device 120, where the video signal is split with onesignal directed to the computing system and another signal to the videocapture hardware. The video capture hardware performs a differencingbetween successive frames of the video signal and saves frames with adifference that exceeds a threshold on a secondary storage in themultimedia output device 120. This offloads such processing from thecomputing system, thereby improving responsiveness and user experienceand providing an easily browseable record of a user's activities duringthe day.

Various components of multimedia output device 120 and various contentsources are further described in co-pending U.S. patent applications,each of which is incorporated by reference in its entirety: U.S. patentapplication Ser. No. 10/814,931 entitled, “Printer Having EmbeddedFunctionality for Printing Time-Based Media,” to Hart et. al, filed Mar.30, 2004, and U.S. patent application Ser. No. 10/814,948 entitled,“Networked Printing System Having Embedded Functionality for PrintingTime-Based Media,” to Hart et. al, filed Mar. 30, 2004.

Methods of Operation

FIG. 4A is an overview of a generalized process by which the multimediaoutput device 120 creates an encrypted representation of the content andpaper representation of decryption information in accordance with oneembodiment of the present invention. It should be noted that methodsrelated to various types of encryption techniques utilized by multimediaoutput device 120 are described in more detail below in reference toFIGS. 6-8.

The process starts 405 and the multimedia output device 120 receives 410content from an external source. This content is received as digital oranalog content, or it may be an observable event that interface 305records as digital or analog data. Encryption module 340 encrypts thereceived content 420 according to, for example, a known encryptionalgorithm. Multimedia output device 120 provides 430 an output of theencrypted content. As described above, the encrypted content isoutputted in an electronic format or in a paper format, as desired by auser. Multimedia output device 120 also provides 440 an output of thedecryption information, such as a decryption key, identification of theelectronic output of the encrypted content, and optionally contents. Itshould be noted that in an alternative implementation, the decryptionkey is outputted as a bar code. The decryption information is outputtedon a paper or in an electronic format.

FIG. 4B is a flow diagram of a generalized process by which themultimedia output device 120 generates a decrypted representation of thecontent in accordance with one embodiment of the present invention.

The process starts 450 and the multi-media output device 120 receives460 encrypted content. It should be noted that the encrypted content canbe encrypted output 170 generated by multimedia device 120.Alternatively, encrypted content can be any content provided by a userthat has been encrypted by other means than device 120. The multimediaoutput device 120 receives a key used to decrypt the encrypted content.As previously described, the key can be provided using varioustechniques, such as via a keyboard, or scanning a bar code, or using OCRwith a key printed on paper, or alternatively, the key providedelectronically.

Encryption module 340 decrypts 470 the content according to, forexample, a known decryption algorithm. Multimedia output device 120provides 480 an output of the decrypted content. The decrypted contentis outputted, for example, in an electronic format, or a networkinterface, or in a paper format, as desired by a user.

Encryption Module Architecture

FIG. 5 is a block diagram of functional modules of encryption module 340in accordance with one embodiment of the invention. The encryptionmodule 340 executes a random number generator module 510, a key andmetadata generator module 520, a module 530 for executing encryptionlogic, and a module 540 for executing decryption logic. As used herein,the term “module” refers to program logic for providing the specifiedfunctionality that can be implemented in hardware, firmware, and/orsoftware. In one embodiment, a software module is implemented with acomputer program product comprising a computer-readable mediumcontaining computer program code, which can be executed by a computerprocessor for performing the steps, operations, or processes describedherein.

The random number generation module 510 is adapted to generate a randomnumber and send the generated random number to the key and metadatageneration module 520. Module 510 is a pseudo random number generatorrunning on a microprocessor or a digital signal processor (DSP) designedfor performing the logic involved in digital signal processing. Module510 is also adapted to generate a noise signal in order to provide arandom number.

Module 520 is adapted to receive the random number generated by module510. Module 520 generates a key using the provided random number andforwards the generated key to module 530. In one embodiment, when apublic key encryption is utilized (as will be discussed below inreference to FIG. 7A), module 520 does not generate a key since a userknows his private key that will be used to decrypt the content.

Module 520 is also adapted to generate multiple keys for different partsof the content to be encrypted. Module 520 generates a uniqueidentification that will identify the electronic output of the encrypteddata. This identification will be used by the electronic output system320 to attach the identification to a removable storage device thatstores the encrypted content.

Module 520 is further adapted to receive a user selection of thesecurity level with which decryption information should be provided.Module 520 is further adapted to receive unencrypted content and toperform an action in response to the received content and a userselection. Module 520 maintains rules indicating what action needs to betaken in response the user input and received content. Examples of theserules are shown below in Table 1. In one embodiment, performing anaction includes generating decryption information. Decryptioninformation includes, for example, a key, an identification of theelectronic output of the encrypted content, and description of thereceived content. Module 520 uses well-known data extraction algorithmsto generate various descriptions of the content in response to a user'sdesired choice of the security level. Module 520 outputs the decryptioninformation to the printing output system 315 or electronic outputsystem 320 depending on the user's choice of the medium onto whichdecryption information should be provided. It should be noted that whena public key encryption method is utilized, generated decryptioninformation does not include a key since the key is provided by a user.

Example rules maintained by module 520 are shown below in Table 1.

TABLE 1 Rules for Generating Decryption information Security LevelAction 1 Generate transcript of the content Generate decryptioninformation which includes: generated key, identification of theelectronic output of the encrypted content; transcript of the content .. . . . . 7 Extract keywords from the content Generate decryptioninformation which includes: generated key, identification of theelectronic output of the encrypted content, and keywords 8 Extract keyvideo frames; Generate decryption information which includes: Generatedkey, identification of the electronic output of the encrypted content,and Key video frames 9 Extract title and date of the encrypted content,Generate decryption information which includes: Generated keyidentification of the electronic output of the encrypted content, andTitle and date of the encrypted content 10  Generate decryptioninformation which includes: Generated key, and Identification of theelectronic output of the encrypted contentA rule may be constructed such as:IF (Security level (10))Then Generate Identification of the Electronic Output of the EncryptedContent and Key

Module 530 is adapted to receive the key generated by module 520.Alternatively, module 530 is adapted to receive a key from the user.Module 530 receives the content and encrypts the content using theprovided key. Module 530 is adapted to encrypt the content using any ofthe known encryption algorithms, such as DES, IDEA, Blowfish, RSA,Triple DES, RC2 and RC4. Module 530 executes program logic for providingthe encryption functionality that can be implemented in hardware,firmware, and/or software. Hardware designs known to perform theencryption are available from, for example, Amphion Semiconductor Ltd,of Belfast, Northern Ireland. These designs are listed below.

-   -   CS5210 performs AES encryption using 128, 192, or 256 bit keys    -   CS5020 performs DES and triple DES encryption/decryption    -   CS5312 performs SHA-2 encryption with key sizes of 256, 384, or        512 bits

Hardware solutions, such as the one shown below, are also available, forexample, from Eracom Technologies AG, of Krefeld, Germany:

-   -   CSA8000 PKI-8PC/Server Encryption Adapter with RSA/DES in        hardware

RSA (public key encryption) and Diffie-Hellman key generation algorithmsare available in software development kits.

Software solutions to perform encryption are available from, forexample, RSA Security Inc., of Bedford, Mass. These solutions aredesigned to run on DSP chips. For example, Snapcrypt is a cryptographiclibrary for the TMS320C54x and other TI DSPs.

Known encryption algorithms are specified in the following documents:

-   -   DES is specified by ANSI X3.92 and FIPS 46-2, operation modes        are specified in ANSI X3.106 and FIPS 81)    -   Triple DES is specified in ANSI X9.52 and FIPS 46-3.    -   SHA-1 is in ANSI X9.30-2 and FIPS 180-1.    -   HMAC-SHA-1 is in IETF RFC 2104.    -   MD5 is in IETF RFC 1321.    -   DSA is in ANSI X9.30-1 and FIPS 186.    -   Diffie-Hellman is in ANSI X9.42

It should be noted that in one embodiment, memory 330 maintains a log ofkeys generated by encryption module 340 so that the multimedia outputdevice 120 can always re-print the key that was lost by the intendedrecipient. To increase the level of security, in one embodiment, themultimedia output device 120 maintains a list of symmetric keysencrypted with a user's public key. This method of encryption isdescribed below.

Module 540 is adapted to receive a key and encrypted content, such asthe content generated by encryption logic module 530 and to decrypt thereceived encrypted content using the key. Module 540 is adapted todecrypt the content using any of the known decryption technique. Module540 receives the key using any known technique, such as via a keyboard,scanning a bar code or using OCR with a key printed on paper. Module 540is adapted to output decrypted content onto any medium specified by auser, such as an electronic medium, a network interface, or on paper.

Methods of Encryption

FIG. 6 is a flow chart of an embodiment of the present invention inwhich a symmetric encryption method is used. As is known in the art,symmetric encryption is a type of encryption in which the same key isused to encrypt and decrypt data. The process starts 605 and themultimedia output device 120 receives 610 content from an externalsource. Encryption module 340 generates a key 620 and encrypts 630 thereceived content using the key. The multimedia output device 120 thenoutputs 640 the encrypted data. The multimedia output device 120 alsooutputs the key that is used to decrypt the content.

FIG. 7A is flow chart of an embodiment of the present invention in whicha public key encryption method is used. As is known in the art, publickey encryption is a type of encryption that uses a public/private keypair. The process starts 705 and the multimedia output device 120receives 710 content from an external source. Encryption module 340receives 720 a public key from a user. In an alternative embodiment, apublic key is provided from other sources. Encryption module 340 thenencrypts 730 the received content using the key. The multimedia outputdevice 120 then outputs 740 the encrypted data. A recipient of theencrypted data will use his private key to decrypt the data. It shouldbe noted that this method does not provide an output of the decryptioninformation since the recipient already knows his own private key. Therecipient needs to know his private key to decrypt the data.

FIG. 7B is a flow chart of an embodiment of the present invention inwhich content is encrypted using a user's private key. The processstarts 750 and the multimedia output device 120 receives 760 contentfrom an external source. Encryption module 340 receives 770 a privatekey from a user. In an alternative embodiment, a private key is providedfrom other sources. Encryption module 340 encrypts 780 the content usingthe private key, and outputs 790 encrypted content. The encryptedcontent is decrypted using a public key of a user. In an alternativeembodiment, encryption module 340 runs a hash function on the receivedcontent and encrypts the hash with a user's private key. The hashfunction is a well-known cryptographic technique to provide a shortsequence of bytes. In one embodiment, the encrypted hash is outputtedalong with the received content.

FIG. 8 is a flow chart of an embodiment of the present invention inwhich encryption module 340 generates a key, encrypts the content withthe key, and encrypts the generated key with a recipient's public key.The process starts 805 and the multimedia output device 120 receives 810content from an external source. Encryption module 340 receives 820 apublic key from a user and generates 830 a symmetric key. It should benoted that if the encrypted data is intended for someone other than auser, the user provides the public key of the intended recipient. Module340 then encrypts 840 the received content with the generated symmetrickey. In step 850, module 340 encrypts the generated symmetric key withthe received public key. The multimedia output device 120 then provides860 an output of the encrypted information, including the encryptedsymmetric key that will be used to decrypt the symmetric key. Themultimedia output device 120 then outputs 870 the encrypted contentseparately from the key. To decrypt the content, a user would have todecrypt the symmetric key with his private key and then decrypt thecontent with the symmetric key. It should be noted that the aboveprocess can be repeated with several distinct public keys, each keyreceived from a different user, so that the symmetric key is encryptedas many times as the number of the provided public keys. Generatingindividual outputs for a set of users allows each user to decrypt thecontent without the knowledge of another user's private key. Thisembodiment is utilized when documents need to be secure, yet sharedamong members of a group.

FIG. 9 is a flow chart of an alternative embodiment for encrypting thecontent. The process starts 905 and the multimedia output device 120receives 910 content from an external source. Encryption module 340generates 920 a key and encrypts 930 the content with the key.Encryption module 340 then generates 940 multiple fractional keys, eachkey containing a subset of the generated key. Fractional keys can begenerated by any reversible method of decomposition which operates upona sequence of bits. For example, a series of keys which will be combinedbitwise by a Boolean XOR operation might be generated. Alternatively,the key could be divided bitwise into 2 or more contiguous sets of bits.Alternatively, an algorithm which divides the bit in some other way,such as choosing bits using module arithmetic, can be used. Anyalgorithm can be used, so long as the key is divided unambiguously intocomponents which will be recombined according to some method in orderfor decryption to proceed. The multimedia output device 120 then outputs950 the encrypted content. The multimedia output device 120 also outputs960 each of the generated fractional keys that are used to decrypt thecontent. These keys can then be distributed and must be recombined inorder for decryption to proceed. This embodiment can be utilized, forexample, to provide a facility like a bank safety deposit box, whereboth a bank manager key and a customer key are required to open the box.

It should be noted that any of the steps, operations, or processesdescribed herein can be performed or implemented with one or moresoftware modules or hardware modules, alone or in combination with otherdevices.

Encryption of Audio Data

As previously described in reference to FIG. 3, output device 120includes an embedded A/V content recognition module 370 which enablesthe output device 120 to recognize particular properties in the contentand process the data based on the recognized content. Audio data may berepresented in several ways. For example, intelligible conversations maybe transcribed, and their contents printed out onto paper. In addition,descriptions of audio events along with the time and location of theevent can also be depicted on paper. The functionality of A/V contentrecognition module 370 is described in a co-pending U.S. patentapplication Ser. No. 10/814,950 entitled, “Printing System With EmbeddedAudio/Video Content Recognition and Processing,” to Hull et. al., filedMar. 30, 2004, which application is incorporated by reference in itsentirety.

Briefly, a speech recognition processing method is applied to the audiodata. The text is printed on a paper document. A representation isprovided that indexes the words or phrases that were recognized withhigh confidence. The print dialog box provides controls for modifyingrecognition thresholds and layout parameters.

In one embodiment of the present invention, the functionality of the A/Vcontent recognition module 370 is embedded into the key and metadatageneration module 520. Module 520 is adapted to produce various levelsof detailed processing of the audio data, in response to a userselection, as described in more details in reference to FIG. 5. Forexample, module 520 is adapted to produce a transcript of the audio dataor high confidence keywords that serve as a memory jog for the creator.In the latter case, the keywords would not reveal the contents of theaudio data. As previously discussed in reference to FIGS. 2A and 5, auser, for example, selects an option that would print just a key fordecrypting the encrypted content. This is the most secure way ofoutputting decryption information. A user, for example, selects anoption that would provide for outputting of a few keywords of theencrypted content. In this case, if the document fell into unauthorizedhands, such a printout might provide some clue to the nature of theencrypted data.

Encryption of Video Data

A/V content recognition module 370 produces various styles of videopaper. Video paper is a system for multimedia browsing, analysis, andreplay. Briefly, key frames are extracted from video data and printed onpaper along with bar codes that allow for random access and reply. Videopaper technology is described in “The Video Paper Multimedia PlaybackSystem”, Jonathan J. Hull, Berna Erol, Jamey Graham, and Dar-Shyang LeeRicoh Innovations, Inc. Module 370 is adapted to print one key frame forthe whole video file. Alternatively, module 370 prints one key frame perclip. In an alternative embodiment, module 370 prints one key frame perscene. Yet in another embodiment, module 370 prints key frames alongwith closed caption transcript text. Each of these is adapted to includebar codes to replay the video.

In one embodiment, the functionality of the A/V module to generatevarious styles of video paper is embedded into module 520. Module 520 isadapted to produce various levels of detailed processing of the videodata, in response to a user selection, as described in more details inreference to FIG. 5. If, for example, a user selected an option thatwould provide for outputting key frames from video data along with akey, module 520 generates an output that would include the key framesalong with the key.

It should be noted that the key and metadata module 520 is also adaptedto generate separate keys for different segments, video clips, speakers,or parts of a recorded meeting (such that one key is generated for videodata, one for audio data, one for power point, and one for whiteboard).In addition, some recipients are given the keys selectively for certainparts of the content.

The foregoing description of the embodiments of the invention has beenpresented for the purpose of illustration; it is not intended to beexhaustive or to limit the invention to the precise forms disclosed.Persons skilled in the relevant art can appreciate that manymodifications and variations are possible in light of the aboveteachings. It is therefore intended that the scope of the invention belimited not by this detailed description, but rather by the claimsappended hereto.

1. A multimedia output device for outputting content in an encryptedform, the multimedia output device comprising: an interface forreceiving the content from an external source; an encryption modulewithin the multimedia output device, the encryption module coupled tothe interface to receive the content to be encrypted and to encrypt thecontent; and a first output system in communication with the encryptionmodule to receive the encrypted content and produce a first output ofthe encrypted content.
 2. The multimedia output device of claim 1,wherein the encryption module further comprises: a metadata generationmodule for receiving the content to be encrypted and a user selection ofa level of security with which decryption information should beoutputted, and for generating the decryption information based on thereceived content and in response to the user selection.
 3. Themultimedia output device of claim 2, further comprising: a second outputsystem in communication with the metadata generation module to receivethe decryption information and to produce a printable output of thedecryption information.
 4. The multimedia output device of claim 2,wherein the decryption information comprises a key.
 5. The multimediaoutput device of claim 2, wherein the decryption information comprisesan identifier of an electronic output of the encrypted content.
 6. Themultimedia output device of claim 2, wherein the decryption informationcomprises a description of the content of the encrypted content.
 7. Themultimedia output device of claim 1, wherein the encryption module isfurther adapted to generate a key and to encrypt the content using thegenerated key.
 8. The multimedia output device of claim 1, wherein theencryption module is further adapted to generate a plurality offractional keys, each fractional key containing a subset of thegenerated key.
 9. The multimedia output device of claim 7, wherein themultimedia output device further comprises a memory for storing thegenerated key.
 10. The multimedia output device of claim 1, wherein theencryption module is further adapted to receive a key, from an externalsource, and to encrypt the content using the received key.
 11. Themultimedia output device of claim 1, wherein the encryption module isfurther adapted to decrypt the content.
 12. The multimedia output deviceof claim 1, wherein the encryption module is further adapted to encryptthe content using a user private key.
 13. The multimedia output deviceof claim 2, wherein the first output system is further adapted toreceive generated decryption information and produce an electronicoutput of the decryption information.
 14. The multimedia output deviceof claim 1, wherein the encryption module is further adapted to:receive, from a source, a public key of an intended recipient, generatea symmetric key, encrypt the content with the symmetric key, and encryptthe symmetric key with the public key.
 15. The multimedia output deviceof claim 14, wherein the second output system is further adapted toreceive the encrypted symmetric key and to produce a printed output ofthe encrypted symmetric key.
 16. The multimedia output device of claim1, wherein the encryption module is further adapted to generate aplurality of keys, each key is designated to encrypt a correspondingsegment of the content.
 17. The multimedia output device of claim 14,wherein the encryption module is further adapted to receive a pluralityof public keys and to encrypt the symmetric key with each receivedpublic key.
 18. The multimedia output device of claim 1, wherein theinterface comprises a removable content storage reader.
 19. Themultimedia output device of claim 1, wherein the interface comprises avideo input device selected from a group consisting of: a DVD reader, avideo cassette tape reader, and a flash card reader.
 20. The multimediaoutput device of claim 1, wherein the interface comprises an audio inputdevice selected from a group consisting of: a CD reader, an audiocassette tape reader, and a flash card reader.
 21. The multimedia outputdevice of claim 1, wherein the interface comprises an embedded receiverselected from a group consisting of: an embedded TV receiver, anembedded radio receiver, an embedded short-wave radio receiver, anembedded satellite radio receiver, an embedded two-way radio, and anembedded cellular phone.
 22. The multimedia output device of claim 1,wherein the interface comprises an embedded video recorder, wherein theexternal source of content is a series of images captured by embeddedthe video recorder, converted into an electrical format, and thenprovided to the content processing system.
 23. The multimedia outputdevice of claim 1, wherein the interface comprises an embedded audiorecorder, wherein the external source of content is a series of soundsthat are converted into an electrical format by the embedded audiorecorder and then provided to the content processing system.
 24. Themultimedia output device of claim 1, wherein the first output system isconfigured to write the electronic representation to a removable mediastorage device.
 25. The multimedia output device of claim 24, whereinthe removable storage device is selected from a group consisting of: aDYD, a video cassette tape, a CD, an audio cassette tape, a flash card,a computer disk, an SD disk, and a computer-readable medium.
 26. Themultimedia output device of claim 1, wherein the first output systemcomprises a media writer.
 27. The multimedia output device of claim 1,wherein the first output system comprises an embedded web page display.28. A method for outputting encrypted content, the method comprising:receiving unencrypted content from a source; encrypting the content, bya multimedia output device, to generate a first output of the encryptedcontent; and producing the first output of the encrypted content. 29.The method of claim 28, further comprising: generating a key used todecrypt the content; and encrypting the content, using the generatedkey.
 30. The method of claim 29, further comprising a step of generatinga plurality of fractional keys, each fractional key containing a subsetof the generated key.
 31. The method of claim 29, further comprising astep of decrypting the encrypted content using the generated key. 32.The method of claim 28, further comprising: receiving a user's privatekey; and encrypting the content using the private key.
 33. The method ofclaim 28, further comprising: receiving a user selection of a level ofsecurity with which decryption information should be outputted;generating a decryption information, based on the unencrypted contentand in response to the user selection; and producing a second output ofthe decryption information.
 34. The method of claim 28, wherein thesource comprises one selected from the group consisting of: a scanner; avideo device; an audio device; a memory card; a storage device; afacsimile source; an email source; an a wireless source.
 35. The methodof claim 28, wherein producing the first output further comprisesproducing an electronic output.
 36. The method of claim 28, whereinproducing the first output further comprises producing a printableoutput.
 37. The method of claim 33, wherein producing the second outputfurther comprises producing an electronic output.
 38. The method ofclaim 33, wherein producing the second output further comprisesproducing a printable output.
 39. The method of claim 33, wherein thedecryption information is an identifier of the first output of theencrypted content.
 40. The method of claim 33, wherein the decryptioninformation is a description of the content of the encrypted content.41. The method of claim 33, wherein the decryption information is a keyused to decrypt the encrypted content.
 42. The method of claim 28,further comprising: receiving, from a source, a public key of anintended recipient; generating a symmetric key; encrypting the contentwith the symmetric key; and encrypting the symmetric key with the publickey.
 43. The method of claim 28, further comprising: receiving aplurality of public keys; and encrypting the symmetric key with eachreceived public key.
 44. The method of claim 29, further comprisinggenerating a plurality of keys used to decrypt the content, eachgenerated key is designated to decrypt a corresponding segment of thecontent.
 45. A computer program product comprising a computer-readablestorage medium containing computer program code for performing stepsincluding: receiving unencrypted content from a source; encrypting thecontent, by a multimedia output device, to generate a first output ofthe encrypted content; an producing the first output of the encryptedcontent.
 46. The computer program product of claim 45, furthercomprising computer program code for: generating a key used to decryptthe content; and encrypting the content, using the generated key. 47.The computer program product of claim 46, further comprising computerprogram code for generating a plurality of fractional keys, eachfractional key containing a subset of the generated key.
 48. Thecomputer program product of claim 46, further comprising computerprogram code for of decrypting the encrypted content using the generatedkey.
 49. The computer program product of claim 45, further comprisingcomputer program code for: receiving a user's private key; andencrypting the content using the private key.
 50. The computer programproduct of claim 45, further comprising computer program code for:receiving a user selection of a level of security with which decryptioninformation should be outputted; generating a decryption information,based on the unencrypted content and in response to the user selection;an producing a second output of the decryption information.
 51. Thecomputer program product of claim 45, wherein the source comprises oneselected from the group consisting of: a scanner; a video device; anaudio device; a memory card; a storage device; a facsimile source; anemail source; and a wireless source.
 52. The computer program product ofclaim 45, wherein producing the first output further comprises producingan electronic output.
 53. The computer program product of claim 45,wherein producing the first output further comprises producing aprintable output.
 54. The computer program product of claim 50, whereinproducing the second output further comprises producing an electronicoutput.
 55. The computer program product of claim 50, wherein producingthe second output further comprises producing a printable output. 56.The computer program product of claim 50, wherein the decryptioninformation is an identifier of the first output of the encryptedcontent.
 57. The computer program product of claim 50, wherein thedecryption information is a description of the content of the encryptedcontent.
 58. The computer program product of claim 50, wherein thedecryption information is a key used to decrypt the encrypted content.59. The computer program product of claim 45, further comprisingcomputer program code for: receiving, from a source, a public key of anintended recipient; generating a symmetric key; encrypting the contentwith the symmetric key; and encrypting the symmetric key with the publickey.
 60. The computer program product of claim 45, further comprisingcomputer program code for: receiving a plurality of public keys; andencrypting the symmetric key with each received public key.
 61. Thecomputer program product of claim 46, further comprising computerprogram code for generating a plurality of keys used to decrypt thecontent, each generated key is designated to decrypt a correspondingsegment of the content.